mirror of
git://git.gnupg.org/gnupg.git
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance to be marked valid. This is to fix an incorrect "invalid public key" error verifying a signature made by a revoked signing subkey, with a valid unrevoked primary key.
parent
dbe54c8bd5
commit
7178a8056c
@ -1,3 +1,11 @@
|
|||||||
|
2002-11-12 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
|
||||||
|
carry these facts onto all their subkeys, but only after the
|
||||||
|
subkey has a chance to be marked valid. This is to fix an
|
||||||
|
incorrect "invalid public key" error verifying a signature made by
|
||||||
|
a revoked signing subkey, with a valid unrevoked primary key.
|
||||||
|
|
||||||
2002-11-09 Werner Koch <wk@gnupg.org>
|
2002-11-09 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
|
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
|
||||||
|
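--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1834,21 +1834,6 @@ merge_selfsigs( KBNODE keyblock )
 }
 
 merge_selfsigs_main ( keyblock, &revoked );
-main_pk = keyblock->pkt->pkt.public_key;
-if ( revoked ) {
-/* if the primary key has been revoked we better set the revoke
-* flag on that key and all subkeys */
-for(k=keyblock; k; k = k->next ) {
-if ( k->pkt->pkttype == PKT_PUBLIC_KEY
-|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-PKT_public_key *pk = k->pkt->pkt.public_key;
-pk->is_revoked = 1;
-pk->main_keyid[0] = main_pk->main_keyid[0];
-pk->main_keyid[1] = main_pk->main_keyid[1];
-}
-}
-return;
-}
 
 /* now merge in the data from each of the subkeys */
 for(k=keyblock; k; k = k->next ) {
@@ -1857,12 +1842,25 @@ merge_selfsigs( KBNODE keyblock )
 }
 }
 
-/* If the main key is not valid, then the subkeys aren't either,
-even if they have binding sigs. */
+main_pk = keyblock->pkt->pkt.public_key;
+if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
+/* if the primary key is revoked, expired, or invalid we
+* better set the appropriate flags on that key and all
+* subkeys */
+for(k=keyblock; k; k = k->next ) {
+if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+PKT_public_key *pk = k->pkt->pkt.public_key;
 if(!main_pk->is_valid)
-for(k=keyblock; k; k=k->next)
-if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY)
-k->pkt->pkt.public_key->is_valid=0;
+pk->is_valid = 0;
+if(revoked)
+pk->is_revoked = 1;
+if(main_pk->has_expired)
+pk->has_expired = main_pk->has_expired;
+}
+}
+return;
+}
 
 /* set the preference list of all keys to those of the primary real
 * user ID. Note: we use these preferences when we don't know by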
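Review bot: The relocated block in the second hunk no longer copies `main_keyid` from the primary onto each key, which the removed revoked-only branch did with `pk->main_keyid[0] = main_pk->main_keyid[0];` and the matching `[1]` line. If the subkey merge loop above it (its body is outside the hunk) does not already fill `main_keyid`, a revoked primary would now leave that field unset on its keys, so either keep the two assignments in the new loop or, once confirmed, add a comment such as `/* main_keyid was already set while merging the self-signatures */`. The early `return` also now applies to expired and invalid primaries rather than only revoked ones, so the preference-list code that follows is skipped for those keys too; that looks intended, but the comment should say so and should state that this block must stay after the subkey loop, since that ordering is the whole fix. merge_selfsigs starts and ends outside the hunk.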